Tracking the Global Ghost Fleet: Spoofing and Maritime Security

On a hazy April morning in 2026, a Panamanian-flagged VLCC appeared on AIS trackers gliding through the Strait of Hormuz at 14 knots, its transponder broadcasting a cargo of Iraqi Basrah Light bound for Chennai. But satellite radar showed no vessel at those coordinates—only an empty stretch of water where the ship should have been. Hours later, the same signal reappeared near Fujairah, this time claiming to load Emirati crude for Singapore. To the untrained eye, it looked like routine traffic. To the analysts at MarineTraffic and C4ADS, it was a textbook case of AIS spoofing—a digital illusion masking the movement of sanctioned Russian oil through one of the world’s most important chokepoints.

This isn’t just about evading detection. It’s about the erosion of maritime trust in an era where a ship’s identity can be rewritten with a few lines of code. The Strait of Hormuz, through which roughly 20% of global oil supplies flow, has become a testing ground for a new kind of naval deception—one where tankers don’t just fly false flags, but broadcast false positions, false destinations, and even false identities. And while the WIRED piece brought much-needed attention to the analysts tracking these ghosts, it left a critical gap: how exactly are these spoofing operations structured, who enables them, and what does their persistence say about the limits of 21st-century maritime governance?

The answer lies not just in the technology, but in the economics. Since the full-scale invasion of Ukraine in 2022, Western sanctions have barred Russian crude from traditional insurance pools and European ports. Yet Russian oil exports have remained remarkably resilient, averaging 7.2 million barrels per day in early 2026—only slightly below pre-war levels. How? Through a shadow fleet of over 600 aging tankers, many reflagged to obscure jurisdictions like Palau or the Cook Islands, operating outside the purview of Western maritime regulators. But reflagging alone isn’t enough. To access Asian markets while avoiding secondary sanctions, these vessels increasingly rely on sophisticated AIS manipulation—turning off transponders during illicit transfers, broadcasting fake voyages to confuse tracking algorithms, or even impersonating legitimate ships from neutral nations.

“What we’re seeing is the industrialization of deception,” said Captain Elena Vasquez, a former Maersk navigator now consulting for the Global Maritime Crime Programme at UNODC. “It’s not just one rogue operator faking a signal. We’ve got entire logistics networks built around spoofing—shell companies registering vessels, third-party providers manipulating AIS feeds, and brokers who specialize in mixing sanctioned cargo with legitimate loads to obscure origin.” UNODC’s 2025 maritime crime report noted a 300% increase in AIS anomalies in the Gulf region since 2023, with spoofing incidents peaking during Iranian naval exercises—suggesting deliberate exploitation of regional tension to mask illicit flows.

The technical execution is surprisingly accessible. AIS spoofing requires little more than a laptop, a software-defined radio, and open-source tools like AISdK or Kystsignal—originally designed for research and testing, now repurposed for evasion. Unlike GPS jamming, which is detectable and often provokes naval response, spoofing is stealthy. It doesn’t block signals; it fabricates them. And because AIS was never designed with authentication or encryption, there’s no built-in way to verify whether a transmission is genuine.

This vulnerability has turned the Strait into a high-stakes game of cat and mouse. Analysts at C4ADS use machine learning models trained on historical vessel behavior to flag implausible routes—like a Suezmax suddenly appearing off the coast of Eritrea after declaring a transponder malfunction in the Red Sea. But as detection improves, so does evasion. Some spoofed vessels now mimic the micro-movements of legitimate ships, drifting slightly with currents to avoid raising alarms. Others operate in “dark mode,” going fully silent for days before reappearing with a clean-slate identity.
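As an added illustration (not code from this article or from C4ADS), the simplest form of an "implausible route" check compares consecutive position reports from the same MMSI and flags jumps no tanker could sail, long silences, and one identity heard in two places at once. The thresholds, the `Report` fields, and the sample reports are assumptions constructed for the example.

```python
import math
from dataclasses import dataclass

@dataclass
class Report:
    mmsi: int    # identifier carried in the AIS message (unauthenticated)
    t: float     # receive time, seconds since start of capture
    lat: float
    lon: float

MAX_KNOTS = 25.0        # assumed ceiling for a tanker; tune per vessel class
DARK_GAP_S = 6 * 3600   # assumed: longer silences deserve a second look

def nm_between(a, b):
    """Great-circle distance in nautical miles (haversine)."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dlon = math.radians(b.lon - a.lon)
    h = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def flag_track(reports):
    """Compare each report with the previous one from the same MMSI."""
    findings, last = [], {}
    for r in sorted(reports, key=lambda r: r.t):
        prev, last[r.mmsi] = last.get(r.mmsi), r
        if prev is None:
            continue
        hours, dist = (r.t - prev.t) / 3600, nm_between(prev, r)
        if hours == 0:
            # Same identity heard in two places at once: likely impersonation.
            if dist > 1.0:
                findings.append(("duplicate_identity", r.mmsi, r.t, round(dist, 1)))
            continue
        if r.t - prev.t > DARK_GAP_S:
            findings.append(("dark_gap", r.mmsi, r.t, round(hours, 1)))
        if dist / hours > MAX_KNOTS:
            findings.append(("impossible_speed", r.mmsi, r.t, round(dist / hours, 1)))
    return findings

# Constructed sample reports, not real traffic.
SAMPLE = [
    Report(999000001, 0, 26.57, 56.25),
    Report(999000001, 3600, 26.60, 56.48),   # ~12 kn, plausible
    Report(999000001, 7200, 25.17, 56.37),   # ~86 nm in one hour
    Report(999000001, 36000, 25.20, 56.40),  # silent for 8 h, then back
    Report(999000002, 0, 25.00, 57.00),
    Report(999000002, 3600, 25.00, 57.20),   # ~11 kn, plausible
]
```

A track that drifts at believable speeds passes every one of these checks, which is why the kinematic test is only a first filter and the satellite radar comparison described at the top of the article remains the stronger evidence.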

“The real challenge isn’t spotting the spoof—it’s proving intent,” explained Dr. Rajiv Mehta, a maritime security analyst at the Observer Research Foundation in New Delhi. “You can show a ship lied about its position. But unless you catch it in the act of ship-to-ship transfer with sanctioned cargo, or find physical evidence like tampered seals, you’re stuck in a legal gray zone.” ORF’s 2024 study on maritime sanctions evasion estimates that up to 40% of Russian crude shipped to India and China in 2025 passed through at least one AIS manipulation event, yet fewer than 5% resulted in interdiction or penalties.

Why so little action? Partly because enforcement is fragmented. No single authority governs the Strait—coastal states Iran, Oman, and the UAE share responsibility, but their priorities diverge. Iran benefits from the opacity; it uses similar tactics to export its own sanctioned oil. Oman and the UAE, while publicly committed to maritime security, rely heavily on transshipment revenues and are reluctant to antagonize powerful trading partners. Meanwhile, flag states like Panama and Liberia, overwhelmed by registries exceeding 8,000 vessels each, lack the bandwidth to investigate every anomalous signal.

The economic ripple effects are significant. Spoofing undermines the price discovery mechanism in global oil markets by obscuring true supply flows. It also increases insurance premiums for legitimate shippers, who face higher war-risk surcharges when operating in zones marked by deceptive practices. And environmentally, the risk grows: older, poorly maintained vessels conducting covert transfers in congested waterways raise the likelihood of collisions or spills—incidents that are harder to investigate when the ship’s identity is in doubt.

Yet there are signs of adaptation. The EU’s Maritime Security Centre for the Horn of Africa (MSCHOA) has begun sharing AIS anomaly data with allied navies in real time. Lloyd’s List Intelligence now offers a “Vessel Risk Score” that flags ships with suspicious AIS histories. And the International Maritime Organization is finally advancing discussions on e-navigation authentication protocols, though consensus remains elusive amid concerns over cost and sovereignty.

For now, the analysts watching Hormuz remain our best line of defense—not because they can stop every spoofed tanker, but because they make the invisible visible. Their work reminds us that in maritime security, as in journalism, the first step toward accountability is bearing witness. And in a world where a ship can vanish and reappear with a new name, that act of seeing clearly is itself a form of resistance.

What do you think—should AIS be treated like a public utility requiring basic security standards, or is the openness of the system worth the risk? I’d love to hear where you stand.


Alexandra Hartman Editor-in-Chief
